Skip to content

Commit

Permalink
Merge branch 'main' into regenerate-api-inference-docs
Browse files Browse the repository at this point in the history
  • Loading branch information
Wauplin committed Nov 15, 2024
2 parents a4f51f5 + 23a1d86 commit fa5547e
Show file tree
Hide file tree
Showing 20 changed files with 329 additions and 121 deletions.
46 changes: 25 additions & 21 deletions docs/hub/_toctree.yml
Original file line number Diff line number Diff line change
Expand Up @@ -279,6 +279,10 @@
title: Tabby on Spaces
- local: spaces-sdks-docker-giskard
title: Giskard on Spaces
- local: spaces-sdks-docker-evidence
title: Evidence on Spaces
- local: spaces-sdks-docker-marimo
title: marimo on Spaces
- local: spaces-embed
title: Embed your Space
- local: spaces-run-with-docker
Expand Down Expand Up @@ -321,27 +325,27 @@
title: Organization Cards
- local: organizations-security
title: Access Control in Organizations
- local: enterprise-hub
title: Enterprise Hub
sections:
- local: enterprise-sso
title: Single Sign-On (SSO)
- local: audit-logs
title: Audit Logs
- local: storage-regions
title: Storage Regions
- local: enterprise-hub-datasets
title: Dataset viewer for Private datasets
- local: enterprise-hub-resource-groups
title: Resource Groups (Access Control)
- local: advanced-compute-options
title: Advanced Compute Options
- local: enterprise-hub-advanced-security
title: Advanced Security
- local: enterprise-hub-tokens-management
title: Tokens Management
- local: enterprise-hub-analytics
title: Analytics
- local: enterprise-hub
title: Enterprise Hub
sections:
- local: enterprise-sso
title: Single Sign-On (SSO)
- local: audit-logs
title: Audit Logs
- local: storage-regions
title: Storage Regions
- local: enterprise-hub-datasets
title: Dataset viewer for Private datasets
- local: enterprise-hub-resource-groups
title: Resource Groups (Access Control)
- local: advanced-compute-options
title: Advanced Compute Options
- local: enterprise-hub-advanced-security
title: Advanced Security
- local: enterprise-hub-tokens-management
title: Tokens Management
- local: enterprise-hub-analytics
title: Analytics
- local: billing
title: Billing
- local: security
Expand Down
19 changes: 16 additions & 3 deletions docs/hub/advanced-compute-options.md
Original file line number Diff line number Diff line change
@@ -1,15 +1,28 @@
# Advanced Compute Options

Enterprise Hub organizations gain access to advanced compute options to accelerate their machine learning journey.

<Tip warning={true}>
This feature is part of the <a href="https://huggingface.co/enterprise" target="_blank">Enterprise Hub</a>.
This feature is part of the <a href="https://huggingface.co/enterprise">Enterprise Hub</a>.
</Tip>

Enterprise Hub organizations gain access to advanced compute options to accelerate their machine learning journey.

## Host ZeroGPU Spaces in your organization

ZeroGPU is a dynamic GPU allocation system that optimizes AI deployment on Hugging Face Spaces. By automatically allocating and releasing NVIDIA A100 GPUs (40GB VRAM) as needed, organizations can efficiently serve their AI applications without dedicated GPU instances.

<div class="flex justify-center" style="max-width: 550px">
<img
class="block dark:hidden !m-0"
src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/advanced-compute-options-zero.png"
alt="screenshot of Hugging Face Advanced Compute Options (ZeroGPU)"
/>
<img
class="hidden dark:block !m-0"
src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/dark-advanced-compute-options-zero.png"
alt="screenshot of Hugging Face Advanced Compute Options (ZeroGPU)"
/>
</div>

**Key benefits for organizations**

- **Free GPU Access**: Access powerful NVIDIA A100 GPUs at no additional cost through dynamic allocation
Expand Down
15 changes: 13 additions & 2 deletions docs/hub/audit-logs.md
Original file line number Diff line number Diff line change
@@ -1,12 +1,23 @@
# Audit Logs

<Tip warning={true}>
This feature is part of the <a href="https://huggingface.co/enterprise" target="_blank">Enterprise Hub</a>.
This feature is part of the <a href="https://huggingface.co/enterprise">Enterprise Hub</a>.
</Tip>

Audit Logs enable organization admins to easily review actions taken by members, including organization membership, repository settings and billing changes.

![](https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/audit-logs.png)
<div class="flex justify-center" style="max-width: 550px">
<img
class="block dark:hidden !m-0"
src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/audit-logs.png"
alt="screenshot of Hugging Face Audit Logs feature"
/>
<img
class="hidden dark:block !m-0"
src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/dark-audit-logs.png"
alt="screenshot of Hugging Face Audit Logs feature"
/>
</div>

## Accessing Audit Logs

Expand Down
4 changes: 2 additions & 2 deletions docs/hub/enterprise-hub-advanced-security.md
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
# Advanced Security

<Tip warning={true}>
This feature is part of the <a href="https://huggingface.co/enterprise" target="_blank">Enterprise Hub</a>.
This feature is part of the <a href="https://huggingface.co/enterprise">Enterprise Hub</a>.
</Tip>

Enterprise Hub organizations can improve their security with advanced security controls for both members and repositories.

<div class="flex justify-center">
<div class="flex justify-center" style="max-width: 550px">
<img class="block dark:hidden !m-0" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/advanced-security.png" alt="screenshot of the Dataset Viewer on a private dataset owned by an Enterprise Hub organization."/>
<img class="hidden dark:block !m-0" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/advanced-security-dark.png" alt="screenshot of the Dataset Viewer on a private dataset owned by an Enterprise Hub organization."/>
</div>
Expand Down
4 changes: 2 additions & 2 deletions docs/hub/enterprise-hub-analytics.md
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
# Analytics

<Tip warning={true}>
This feature is part of the <a href="https://huggingface.co/enterprise" target="_blank">Enterprise Hub</a>.
This feature is part of the <a href="https://huggingface.co/enterprise">Enterprise Hub</a>.
</Tip>

## Analytics Dashboard

Track all your repository activity with a detailed downloads overview that shows total downloads for all your Models and Datasets. Toggle between "All Time" and "Last Month" views to gain insights into your repository's downloads over different periods.

<div class="flex justify-center">
<div class="flex justify-center" style="max-width: 550px">
<img class="block dark:hidden !m-0" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise-analytics.png" alt="screenshot of the Dataset Viewer on a private dataset owned by an Enterprise Hub organization."/>
<img class="hidden dark:block !m-0" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise-analytics-dark.png" alt="screenshot of the Dataset Viewer on a private dataset owned by an Enterprise Hub organization."/>
</div>
Expand Down
6 changes: 3 additions & 3 deletions docs/hub/enterprise-hub-datasets.md
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
# Datasets

<Tip warning={true}>
This feature is part of the <a href="https://huggingface.co/enterprise" target="_blank">Enterprise Hub</a>.
This feature is part of the <a href="https://huggingface.co/enterprise">Enterprise Hub</a>.
</Tip>

The Dataset Viewer is enabled on private datasets owned by an Enterprise Hub organization.
The Dataset Viewer is enabled on private datasets owned by an Enterprise Hub organization.

The Dataset Viewer allows teams to understand their data and to help them build better data processing and filtering for AI. The Viewer allows to explore the datasets content, inspect data distributions, filter by values and even search for keywords. It also includes the datasets conversion to Parquet which can be used for programmatic data visualization.

See [Dataset Viewer](./datasets-viewer) for more information.
[More information about the Dataset Viewer](./datasets-viewer)

<div class="flex justify-center">
<img class="block dark:hidden" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/private-dataset-viewer.png" alt="screenshot of the Dataset Viewer on a private dataset owned by an Enterprise Hub organization."/>
Expand Down
29 changes: 26 additions & 3 deletions docs/hub/enterprise-hub-resource-groups.md
Original file line number Diff line number Diff line change
@@ -1,9 +1,32 @@
# Resource groups

<Tip warning={true}>
This feature is part of the <a href="https://huggingface.co/enterprise" target="_blank">Enterprise Hub</a>.
This feature is part of the <a href="https://huggingface.co/enterprise">Enterprise Hub</a>.
</Tip>

Resource Groups allow Enterprise Hub organizations to enforce fine-grained access control to their repositories.
Resource Groups allow organizations to enforce fine-grained access control to their repositories.

Read the [documentation for Resource Groups under the Security section](./security-resource-groups).
<div class="flex justify-center" style="max-width: 550px">
<img
class="block dark:hidden !m-0"
src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/resource-groups.png"
alt="screenshot of Hugging Face Single Sign-On (SSO) feature"
/>
<img
class="hidden dark:block !m-0"
src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/dark-resource-groups.png"
alt="screenshot of Hugging Face Single Sign-On (SSO) feature"
/>
</div>

This feature allows organization administrators to:

- Group related repositories together for better organization
- Control member access at a group level rather than individual repository level
- Assign different permission roles (read, contributor, write, admin) to team members
- Keep private repositories visible only to authorized group members
- Enable multiple teams to work independently within the same organization

This Enterprise Hub feature helps organizations manage complex team structures and maintain proper access control over their repositories.

[Getting started with Resource Groups →](./security-resource-groups)
41 changes: 18 additions & 23 deletions docs/hub/enterprise-hub-tokens-management.md
Original file line number Diff line number Diff line change
@@ -1,59 +1,54 @@
# Tokens Management

<Tip warning={true}>
This feature is part of the <a href="https://huggingface.co/enterprise" target="_blank">Enterprise Hub</a>.
This feature is part of the <a href="https://huggingface.co/enterprise">Enterprise Hub</a>.
</Tip>

Tokens Management allows organization administrators to control access tokens within their organization, ensuring that only authorized users have access to organization resources.

Tokens Management enables organization administrators to oversee access tokens within their organization, ensuring secure access to organization resources.

## Viewing and Managing Access Tokens

The token listing feature provides a view of all access tokens within your organization. Administrators can:
The token listing feature displays all access tokens within your organization. Administrators can:

- Monitor token usage and identify or prevent potential security risks:
- unauthorized access to private resources ("leak")
- scopes of access that are too wide
- improvable token hygienics (tokens that have not been rotated in a long time, for example)
- Identify inactive or unused tokens that can be revoked
- Unauthorized access to private resources ("leaks")
- Overly broad access scopes
- Suboptimal token hygiene (e.g., tokens that have not been rotated in a long time)
- Identify and revoke inactive or unused tokens

<div class="flex justify-center">
<img class="block dark:hidden" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/tokens-management-list.png" />
<img class="hidden dark:block" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/tokens-management-list-dark.png" />
</div>


Fine-grained tokens can be reviewed to see their permissions:
Fine-grained tokens display their specific permissions:

<div class="flex justify-center">
<img class="block dark:hidden" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/tokens-management-detail.png" />
<img class="hidden dark:block" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/tokens-management-detail-dark.png" />
</div>

## Token Policy

## Token policy

With Tokens Management, Enterprise org admins can decide which of the following policies they want to enforce:

| **Policy** | **Unscoped (Read/Write) Access Tokens** | **Fine-Grained Tokens** |
| --- | --- | --- |
| **Allow access via User Access Tokens (default)** | Authorized | Authorized |
| **Only access via fine-grained tokens** | Unauthorized | Authorized |
| **Do not require administrator approval** | Unauthorized | Authorized |
| **Require administrator approval** | Unauthorized | Unauthorized without an approval (except for admin-created) |
Enterprise organization administrators can enforce the following policies:

| **Policy** | **Unscoped (Read/Write) Access Tokens** | **Fine-Grained Tokens** |
| ------------------------------------------------- | --------------------------------------- | ----------------------------------------------------------- |
| **Allow access via User Access Tokens (default)** | Authorized | Authorized |
| **Only access via fine-grained tokens** | Unauthorized | Authorized |
| **Do not require administrator approval** | Unauthorized | Authorized |
| **Require administrator approval** | Unauthorized | Unauthorized without an approval (except for admin-created) |

<div class="flex justify-center">
<img class="block dark:hidden" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/tokens-management-policy.png" />
<img class="hidden dark:block" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/tokens-management-policy.png" />
</div>


## Reviewing Token Authorization

When your token policy is set to "Require administrator approval", organization administrators can view the details of all fine-grained tokens with access to resources owned by the organization. They can also revoke access to those tokens. Organization administrators will receive an email when an authorization is requested for a fine-grained token.
When token policy is set to "Require administrator approval", organization administrators can review details of all fine-grained tokens accessing organization-owned resources and revoke access if needed. Administrators receive email notifications for token authorization requests.

When a token is revoked or denied, the user who created the token will receive an email notification.
When a token is revoked or denied, the user who created the token receives an email notification.

<div class="flex justify-center">
<img class="block dark:hidden" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/tokens-management-review.png" />
Expand Down
11 changes: 9 additions & 2 deletions docs/hub/enterprise-hub.md
Original file line number Diff line number Diff line change
@@ -1,12 +1,19 @@
# Enterprise Hub

<Tip>
<a href="https://huggingface.co/enterprise" target="_blank">Subscribe to Enterprise Hub</a> to get access to advanced features for your organization.
</Tip>

Enterprise Hub adds advanced capabilities to organizations, enabling safe, compliant and managed collaboration for companies and teams on Hugging Face.

![](https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/enterprise-hub.png)
<a href="https://huggingface.co/enterprise" class="flex justify-center">
<img class="block dark:hidden" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/enterprise-header.png" />
<img class="hidden dark:block" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/dark-enterprise-header.png" />
</a>

In this section we will document the following Enterprise Hub features:

- [SSO](./enterprise-sso)
- [Single Sign-On (SSO)](./enterprise-sso)
- [Audit Logs](./audit-logs)
- [Storage Regions](./storage-regions)
- [Dataset viewer for Private datasets](./enterprise-hub-datasets)
Expand Down
29 changes: 27 additions & 2 deletions docs/hub/enterprise-sso.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,32 @@
# Single Sign-On (SSO)

<Tip warning={true}>
This feature is part of the <a href="https://huggingface.co/enterprise" target="_blank">Enterprise Hub</a>.
This feature is part of the <a href="https://huggingface.co/enterprise">Enterprise Hub</a>.
</Tip>

Read the [documentation for SSO under the Security section](./security-sso).
Single sign-on (SSO) allows organizations to securely manage user authentication through their own identity provider (IdP). Both SAML 2.0 and OpenID Connect (OIDC) protocols are supported.

<div class="flex justify-center" style="max-width: 550px">
<img
class="block dark:hidden !m-0"
src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/SSO.png"
alt="screenshot of Hugging Face Single Sign-On (SSO) feature"
/>
<img
class="hidden dark:block !m-0"
src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/dark-SSO.png"
alt="screenshot of Hugging Face Single Sign-On (SSO) feature"
/>
</div>

This feature allows organizations to:

- Enforce mandatory authentication through your company's IdP
- Automatically manage user access and roles based on your IdP attributes
- Support popular providers like Okta, OneLogin, and Azure Active Directory
- Maintain security while allowing external collaborators when needed
- Control session timeouts and role mappings

This Enterprise Hub feature helps organizations maintain consistent security policies while giving their teams seamless access to Hugging Face resources.

[Getting started with SSO →](./security-sso)
11 changes: 4 additions & 7 deletions docs/hub/organizations-security.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ You can set up [Single Sign-On (SSO)](./security-sso) to be able to map access c

Advanced and more fine-grained access control can be achieved with [Resource Groups](./security-resource-groups).

The Resource Group feature is part of the <a href="https://huggingface.co/enterprise" target="_blank">Enterprise Hub</a>.
The Resource Group feature is part of the <a href="https://huggingface.co/enterprise">Enterprise Hub</a>.

</Tip>

Expand All @@ -31,25 +31,22 @@ As an organization `admin`, go to the **Members** section of the org settings to
<img class="hidden dark:block" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/org-members-page-dark.png"/>
</div>


## Viewing members' email address

<Tip warning={true}>
This feature is part of the <a href="https://huggingface.co/enterprise" target="_blank">Enterprise Hub</a>.
This feature is part of the <a href="https://huggingface.co/enterprise">Enterprise Hub</a>.
</Tip>

You may be able to view the email addresses of members of your organization. The visibility of the email addresses depends on the organization's SSO configuration, or verified organization status.

- If you [verify a domain for your organization](./organizations-managing#organization-domain-name), you can view members' email addresses for the verified domain.
- If SSO is configured for your organization, you can view the email address for each of your organization members by setting `Matching email domains` in the SSO configuration

- If SSO is configured for your organization, you can view the email address for each of your organization members by setting `Matching email domains` in the SSO configuration

<div class="flex justify-center">
<img class="block dark:hidden" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/org-members-page-emails.png"/>
<img class="hidden dark:block" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/org-members-page-emails-dark.png"/>
</div>


## Managing Access Tokens with access to my organization

See [Tokens Management](./enterprise-hub-tokens-management)
See [Tokens Management](./enterprise-hub-tokens-management)
Loading

0 comments on commit fa5547e

Please sign in to comment.